Retailers: Don’t Let Black Friday Cyberattacks Darken Holiday Shopping

Valentine’s Day, Mother’s Day, Independence Day, Back-to-School, and Halloween are days in which retailers reap huge profits. Yet nothing compares to the most wonderful time of the year: Thanksgiving Day to Cyber Monday. In a recent survey by the National Retail Federation (NRF), consumers say they will spend an average of $1,047.83 this holiday season, up 4 percent from the $1,007.24 they said they would spend in 2018.

As holiday shopping season kicks into high gear, holiday cheer isn’t the only thing spreading far and wide. The holiday shopping season represents a range of cybersecurity risks to retailers, their supply chains, and their customers:

• Retailers are often targeted by a wide range of tactics, techniques, and procedures (TTPs) including Card Not Present (CNP), gift card fraud, skimming, malware, account takeovers, and denial of service.
• Third-party vendor security has become a greater concern. When Target was breached back in 2014, the compromise happened via stolen vendor credentials of Target’s heating and air conditioning contractor. For most retailers, their Point of Sale (PoS) software and devices will be the Achilles Heel that constitutes a third-party risk.
• The holidays upon us and consumers are ready to shop. With increased spending, the holiday season becomes highly lucrative for cybercriminals as consumers have historically been the number one target.

While all organizations are potential targets of cyberattacks, the industries which possess the most valuable data are the biggest targets and retail is at the top of that list. There are numerous ways that retailers and consumers alike can disrupt and/or mitigate the activities of cybercriminals.

Following these steps can protect the retailer, their supply chain, and their customers from falling victim to cybercrime.

1. Conduct Email Threat Assessments
   With the increasing number of cyberattacks via email systems, companies should increasingly conduct periodic email threat assessments targeting malware that may have made it through their anti-virus and firewalls.
2. Perform Network and Endpoint Threat Assessments
   With the expansion of information systems, software applications, bring your own devices, and Internet of Things (IoT), testing networks and endpoints with Intrusion Detection Systems (IDS) will reduce potential vulnerabilities to cyber-attacks
3. Implement an Effective and Timely Patch Management Program
   Some of the most significant data breaches were the result of organizations’ failure to implement effective and timely software patch management programs of Microsoft and Cisco software.
4. Establish a Cybersecurity Awareness and Education Program
   The most cost-effective means to improve cybersecurity posture is to create a human firewall by providing quality cybersecurity educational programs to all employees and partners.
5. Ensure Continuous Monitoring, Detection, & Response (MDR)
   Every organization should invest in an appropriate level of MDR services based upon the cyber threats their organization encounters or anticipates. The key is to rapidly detect intrusions to quickly contain and eradicate the malware to reduce negative impacts upon the information system and data assets.

Cyberattacks are increasing in sophistication and magnitude of impact across all industries globally. However, taking proactive precautions and fine-tuning cybersecurity programs can help protect your business, supply chain and your customers against cyberattacks this holiday season.

READ MORE

by Callie Guenther | Cyber Threat Intelligence Manager
Featured in Retail IT Insights | November 19, 2019